The last time I mentioned HIPAA here, we had a nice little debate.
I asked whether HIPAA should be scrapped. Most of you believed that it should be amended instead.
Fair enough. But with the first HIPAA audits now going down (starting at the hospital where my kids were born) the level of criticism is starting to rise.
Worse, security breaches are starting to get the attention, and shame, that HIPAA was designed to provide. A San Diego non-profit whose former network administrator chose to get even by breaking in and erasing stuff now faces a world of legal hurt from the patients whose data was erased.
And the former network administrator is now a convicted felon, branded a hacker, and faces sentencing November 14. He could get 20 years.
The sudden resignation of Adam Bosworth from Google Health is another indication, if one were needed, that HIPAA is a high barrier to entry for anyone in the medical IT business.
That is not the way it was supposed to be. HIPAA was supposed to protect patients and prevent security breaches, not to slow technology's advance and shame those who support it.
So, what changes should be made to the HIPAA law, or its enforcement, so that it can actually do what it's designed to do?
Y'all want to mend HIPAA? Let's see those sewing needles, ladies and gentlemen.